agenttesla | 8ccd42bbaf4f9df006e379a2a3aa45107157995cf62bd70d8de997cf6f7c2cf0 | Triage

Submit
Reports

Overview

overview

Static

static

3

460ad85629...18.exe

windows7-x64

460ad85629...18.exe

windows10-2004-x64

Sharing

General

Target

460ad856298bbeef4b112cb888055296_JaffaCakes118
Size

475KB
Sample

241015-f1bhxs1djn
MD5

460ad856298bbeef4b112cb888055296
SHA1

fe5f5bc54e98c02e8119a6d86a72c3a94e755c7c
SHA256

8ccd42bbaf4f9df006e379a2a3aa45107157995cf62bd70d8de997cf6f7c2cf0
SHA512

75f49c14623af3dff5e7d50660e71ac5add3d60d93c89a75ab27f0044c72fb6615a4ac90089d2b6c80fc614ec1e356dfc4b1e049dac2eb064c11060a7fdb21e7
SSDEEP

12288:l3taORhPVcmcjwNRkwfJptUO76UJ4roU7h7AN3gB+M9eZaPRsXvo0AKqgqV:l3kOTKUYAC9UAoShsKB+ML/

Score

10^/10

agenttesla collection credential_access discovery evasion keylogger persistence privilege_escalation rezer0 spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

460ad856298bbeef4b112cb888055296_JaffaCakes118.exe

Resource

win7-20240903-en

agenttesla collection credential_access discovery evasion keylogger persistence privilege_escalation rezer0 spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

460ad856298bbeef4b112cb888055296_JaffaCakes118.exe

Resource

win10v2004-20241007-en

agenttesla collection credential_access discovery evasion keylogger persistence privilege_escalation rezer0 spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.dianaglobalmandiri.com
Port:
587
Username:
[email protected]
Password:
Batam2019

Targets

- Target
  
  460ad856298bbeef4b112cb888055296_JaffaCakes118
- Size
  
  475KB
- MD5
  
  460ad856298bbeef4b112cb888055296
- SHA1
  
  fe5f5bc54e98c02e8119a6d86a72c3a94e755c7c
- SHA256
  
  8ccd42bbaf4f9df006e379a2a3aa45107157995cf62bd70d8de997cf6f7c2cf0
- SHA512
  
  75f49c14623af3dff5e7d50660e71ac5add3d60d93c89a75ab27f0044c72fb6615a4ac90089d2b6c80fc614ec1e356dfc4b1e049dac2eb064c11060a7fdb21e7
- SSDEEP
  
  12288:l3taORhPVcmcjwNRkwfJptUO76UJ4roU7h7AN3gB+M9eZaPRsXvo0AKqgqV:l3kOTKUYAC9UAoShsKB+ML/
Score

10^/10

agenttesla collection credential_access discovery evasion keylogger persistence privilege_escalation rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncredential_accessdiscoveryevasionkeyloggerpersistenceprivilege_escalationrezer0spywarestealertrojan

behavioral2

agentteslacollectioncredential_accessdiscoveryevasionkeyloggerpersistenceprivilege_escalationrezer0spywarestealertrojan

© 2018-2025

Terms | Privacy